bluebar.php doesn't enforce in-proxy association
Bug #457470 reported by
root
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
psiphon |
Invalid
|
Unknown
|
Unassigned |
Bug Description
* This page doesn't include check_user.php and doesn't do its own in-proxy association check (that the user is coming from the proxy they are limited to)
* It's not trivial to exploit this with just a web browser, as you'd have to move your cookie from one domain to another.
Changed in psiphon: | |
status: | New → Confirmed |
visibility: | private → public |
tags: | added: category1 |
To post a comment you must log in.
If the fix for Bug #552603 results in the removal of enforced proxy associations, this bug will go away.